IT security for industrial control systems

Abstract: The National Institute of Standards and Technology (NIST) is working to improve the information technology (IT) security of networked digital control systems used in industrial applications. This effort is being carried out through the Process Control Security Requirements Forum (PCSRF), an industry group organized under the National Information Assurance Program (NIAP). The PCSRF is working with security professionals to assess the vulnerabilities and establish appropriate strategies for the development of po… Show more

“…It is critical for the success of the ICS security program that senior management [28] buy into and participate in the ICS security program. Senior management needs to be at a level that encompasses both IT and ICS operations.…”

“…Application Server A computer responsible for hosting applications to user workstations. [28] Attack An attempt to gain unauthorized access to system services, resources, or information, or an attempt to compromise system integrity, availability, or confidentiality.…”

“…[13] Control Server A server that hosts the supervisory control system, typically a commercially available application for DCS or SCADA system. [28] Control System A system in which deliberate guidance or manipulation is used to achieve a prescribed value for a variable. Control systems include SCADA, DCS, PLCs and other types of industrial measurement and control systems.…”

“…[19] Database A repository of information that usually holds plantwide information including process data, recipes, personnel data, and financial data. [28] Data Historian A centralized database supporting data analysis using statistical process control techniques.…”

“…[19] Distributed Plant A geographically distributed factory that is accessible through the Internet by an enterprise. [28] Disturbance An undesired change in a variable being applied to a system that tends to adversely affect the value of a controlled variable. [21] Domain Controller A server responsible for managing domain information, such as login identification and passwords.…”

Guide to Industrial Control Systems (ICS) Security : Supervisory Control and Data Acquisition (SCADA) Systems, Distributed Control Systems (DCS), and Other Control System Configurations such as Programmable Logic Controllers (PLC)

“…It is critical for the success of the ICS security program that senior management [28] buy into and participate in the ICS security program. Senior management needs to be at a level that encompasses both IT and ICS operations.…”

“…Application Server A computer responsible for hosting applications to user workstations. [28] Attack An attempt to gain unauthorized access to system services, resources, or information, or an attempt to compromise system integrity, availability, or confidentiality.…”

“…[13] Control Server A server that hosts the supervisory control system, typically a commercially available application for DCS or SCADA system. [28] Control System A system in which deliberate guidance or manipulation is used to achieve a prescribed value for a variable. Control systems include SCADA, DCS, PLCs and other types of industrial measurement and control systems.…”

“…[19] Database A repository of information that usually holds plantwide information including process data, recipes, personnel data, and financial data. [28] Data Historian A centralized database supporting data analysis using statistical process control techniques.…”

“…[19] Distributed Plant A geographically distributed factory that is accessible through the Internet by an enterprise. [28] Disturbance An undesired change in a variable being applied to a system that tends to adversely affect the value of a controlled variable. [21] Domain Controller A server responsible for managing domain information, such as login identification and passwords.…”

Guide to Industrial Control Systems (ICS) Security : Supervisory Control and Data Acquisition (SCADA) Systems, Distributed Control Systems (DCS), and Other Control System Configurations such as Programmable Logic Controllers (PLC)

Training the Human-in-the-Loop in Industrial Cyber Ranges

A Taxonomy of Vulnerabilities, Attacks, and Security Solutions in Industrial PLCs